/* eslint-env mocha */
+/* eslint-disable sonarjs/no-duplicate-string */
+/* eslint-disable jsdoc/require-jsdoc */
'use strict';
-const assert = require('assert');
-const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require
+const assert = require('node:assert');
+const sinon = require('sinon');
const Authenticator = require('../../lib/authenticator');
const stubLogger = require('../stub-logger');
const stubDb = require('../stub-db');
assert.deepStrictEqual(e, expected);
assert(authenticator.db.authenticationUpsert.called);
assert(authenticator.logger.error.called);
- }
+ }
});
}); // createIdentifier
}); // _validateAuthDataCredential
describe('isValidBasic', function () {
+ const b64 = (x) => Buffer.from(x).toString('base64');
it('succeeds', async function () {
_authMechanismRequired(authenticator, 'argon2');
authenticator.db.authenticationGet.resolves({
identifier,
credential,
});
- const authString = `${identifier}:${password}`;
+ const authString = b64(`${identifier}:${password}`);
const result = await authenticator.isValidBasic(authString, ctx);
assert.strictEqual(result, true);
assert.strictEqual(ctx.authenticationId, identifier);
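Review bot: The `isValidBasic` cases in this and the following hunks pass only well-formed base64 through the new `b64` helper, so nothing visible exercises input that is not valid base64 or that decodes to a string without a `:` separator. The test change implies the credential is now decoded inside `isValidBasic`. A case such as `it('covers malformed credentials', ...)` asserting `result === false` and `ctx.authenticationId === undefined` would pin that a garbled Authorization value is rejected cleanly. The describe block continues outside the visible lines, so such a case may already exist there.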
identifier,
credential,
});
- const authString = `${identifier}:wrongPassword}`;
+ const authString = b64(`${identifier}:wrongPassword}`);
const result = await authenticator.isValidBasic(authString, ctx);
assert.strictEqual(result, false);
assert.strictEqual(ctx.authenticationId, undefined);
});
it('covers no entry', async function() {
authenticator.db.authenticationGet.resolves();
- const authString = `${identifier}:wrongPassword}`;
+ const authString = b64(`${identifier}:wrongPassword}`);
const result = await authenticator.isValidBasic(authString, ctx);
assert.strictEqual(result, false);
assert.strictEqual(ctx.authenticationId, undefined);
identifier,
credential: '$other$kind_of_credential',
});
- const authString = `${identifier}:wrongPassword}`;
+ const authString = b64(`${identifier}:wrongPassword}`);
const result = await authenticator.isValidBasic(authString, ctx);
assert.strictEqual(result, false);
assert.strictEqual(ctx.authenticationId, undefined);
});
}); // checkOTP
+ describe('updateOTPKey', function () {
+ let dbCtx, otpKey;
+ beforeEach(function () {
+ dbCtx = {};
+ otpKey = 'CDBGB3U3B2ILECQORMINGGSZN7LXY565';
+ });
+ it('covers success', async function () {
+ await authenticator.updateOTPKey(dbCtx, identifier, otpKey);
+ assert(authenticator.db.authenticationUpdateOTPKey.called);
+ });
+ it('covers failure', async function () {
+ authenticator.db.authenticationUpdateOTPKey.rejects();
+ assert.rejects(authenticator.updateOTPKey(dbCtx, identifier, otpKey));
+ });
+ }); // updateOTPKey
+
describe('sessionCheck', function () {
let req, res, loginPath, required, profilesAllowed;
beforeEach(function () {
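Review bot: The `assert.rejects(...)` call in 'covers failure' is not awaited, so the async test can return before the assertion settles and a regression where `updateOTPKey` swallows the database error would not reliably fail it. Write `await assert.rejects(authenticator.updateOTPKey(dbCtx, identifier, otpKey));`. The same applies in the later `apiRequiredLocal` hunk to 'covers missing basic auth, ignores session' and 'covers errors': wrapping the call in an arrow function does not help while the promise returned by `assert.rejects` is still dropped. As written, the 401 `ResponseError` expectation on the unauthenticated path is not actually enforced, so both calls should become `await assert.rejects(() => ...)`.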
it('covers missing basic auth, ignores session', async function () {
req.getHeader.returns();
sinon.stub(authenticator, 'isValidAuthorization').resolves(true);
- assert.rejects(authenticator.apiRequiredLocal(req, res, ctx, false), {
+ assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx, false), {
name: 'ResponseError',
statusCode: 401,
});
assert(!authenticator.isValidAuthorization.called);
assert(res.setHeader.called);
});
+ it('covers errors', async function () {
+ sinon.stub(authenticator, 'isValidAuthorization').rejects();
+ req.getHeader.returns('Basic Zm9vOmJhcg==');
+ assert.rejects(() => authenticator.apiRequiredLocal(req, res, ctx));
+ });
}); // apiRequiredLocal
}); // Authenticator